Senators on key panel express confidence in cybersecurity nominee

Network News

Members of a key Senate committee expressed confidence Thursday that the director of the nation's largest electronic-spying agency would be confirmed as head of a new organization that will coordinate U.S. military cyber-capabilities.

Lt. Gen. Keith B. Alexander, a 35-year military intelligence officer who has led the National Security Agency since 2005, was nominated by President Obama in October to head the military's cyber-command. At a hearing before the Senate Armed Services Committee, he laid out some of the challenges of its mission, which will include protecting the military's global networks, attacking enemies through cyberspace when directed and helping the Department of Homeland Security defend the nation's private computer systems in a major attack.

Lawmakers are proceeding with Alexander's long-delayed confirmation even though the Obama administration has not fully crafted the policies and rules governing offensive action in cyberspace, and even though it has yet to detail how the new organization will work with the DHS and the private sector in a crisis.

The challenge is huge, "and you're the right person for it," said Sen. James M. Inhofe (R-Okla.) of the Armed Services Committee.

"I look forward to working with . . . you when you're confirmed," said Sen. Mark Udall (D-Colo.).

Alexander said he has "been alarmed by the increase, especially this year" of incursions by hackers and nation-states into both private-sector and Pentagon networks.

He said that although the United States is not yet engaged in cyber-warfare, the prospect is real. "I do think a cyberwar could exist," he said. "I believe it would not exist in and of itself, but as part of a larger military campaign."

The committee chairman, Sen. Carl M. Levin (D-Mich.), asked Alexander to explain how the cyber-command, which falls under the Pentagon's U.S. Strategic Command but will be located alongside the NSA at Fort Meade, would handle a major strike on the U.S. electricity grid if such an attack were carried out from outside the country but executed by computers inside it.

The DHS would be responsible for defending the networks, working with the power companies, Alexander said. It could turn to the Defense Department, which would notify the cyber-command. "One of our requirements . . . is to be prepared for the task," he said.

Coordinating the DHS, the Pentagon and industry "is probably the most difficult" problem, he said, "and the one that we're going to spend the most time trying to work our way through: How does the Defense Department help Homeland Security in a crisis like that?"